Skip Navigation

Cybersecurity @sh.itjust.works

Nemeski @lemm.ee

5d ago

Microsoft: Windows 'inetpub' folder created by security fix, don’t delete

www.bleepingcomputer.com

Just a moment...

Windows @sopuli.xyz

Nemeski @lemm.ee

6d ago

Microsoft: Windows 'inetpub' folder created by security fix, don’t delete

www.bleepingcomputer.com /news/security/microsoft-windows-inetpub-folder-created-by-security-fix-dont-delete/

22 comments

Sounds like the OS is put together with duct tape if deleting an empty folder can break things so easily
- Or worse, (tinfoil hat on), they are planning on installing and abusing iis on everyone's PC. Ad delivery?
  I don't see how this can be a security risk, I really want more details.
  Cve: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21204
  
  Another possible explanation from Hanlon's razor: MS is going all-in on vibe coding
  
  it's nothing 'new'. i have encountered empty inetpub folders frequently, on systems with no business having it in the first place.. for years now.
- Deleting random stuff from your system that the OS put there, because "it's empty so surely it is fine", is generally not a recipe for success.
  
  Neither is putting random system files/folders in the C: drive outside of where they need to be, like in the Windows folder
  
  Yeah... This reeks of stupidity, though. It's a folder used by iis but you need it even if iis isn't installed.

Uh oh, someone hardcoded c:\inetpub in their code 12 years ago.
- Please, this is Windows. That's been sitting in the source code since 1993, but nobody at Microsoft knows why or how to remove it, so they just tell you to not touch the folder.
  
  Yea, like they said. 12 years ago.

You’re telling me that enterprise CTOs trust this company to run their entire IT infrastructure?

22 comments